def ca(self, value):
self._basic_constraints = x509.BasicConstraints({'ca': bool(value)})
if value:
self._key_usage = x509.KeyUsage(set(['key_cert_sign', 'crl_sign']))
self._extended_key_usage = None
else:
self._key_usage = x509.KeyUsage(set(['digital_signature', 'key_encipherment']))
self._extended_key_usage = x509.ExtKeyUsageSyntax(['server_auth', 'client_auth'])
def ca(self, value):
if value is None:
self._basic_constraints = None
return
self._basic_constraints = asn1_x509.BasicConstraints(
{'ca': bool(value)})
if value:
self._key_usage = asn1_x509.KeyUsage({'key_cert_sign', 'crl_sign'})
self._extended_key_usage = asn1_x509.ExtKeyUsageSyntax(
['ocsp_signing'])
else:
self._key_usage = asn1_x509.KeyUsage(
{'digital_signature', 'key_encipherment'})
self._extended_key_usage = asn1_x509.ExtKeyUsageSyntax(
['server_auth', 'client_auth'])
def key_usage(self, value):
if not isinstance(value, set) and value is not None:
raise TypeError(
_pretty_message(
'''
key_usage must be an instance of set, not %s
''', _type_name(value)))
if value == set() or value is None:
self._key_usage = None
else:
self._key_usage = x509.KeyUsage(value)
def _csr_info(self, subject, public_key, sans):
"""
Create the csr info portion of the certificate request"s ASN.1
structure
:param X509Name subject: subject to add to the certificate request
:param asymmetric.PublicKey public_key: public key to use when creating
the certificate request"s signature
:param sans: collection of dns names to insert into a subjAltName
extension for the certificate request
:type sans: None or list(str) or tuple(str) or set(str)
:return: the certificate request info structure
:rtype: csr.CertificationRequestInfo
"""
x509_subject = x509.Name.build(self._subject_as_dict(subject))
extensions = [(u"basic_constraints",
x509.BasicConstraints({"ca": False}), False),
(u"key_usage",
x509.KeyUsage({"digital_signature",
"key_encipherment"}), True),
(u"extended_key_usage",
x509.ExtKeyUsageSyntax([u"client_auth"]), False)]
if sans:
names = x509.GeneralNames()
for san in sans:
names.append(
x509.GeneralName("dns_name", _bytes_to_unicode(san)))
extensions.append((u"subject_alt_name", names, False))
return csr.CertificationRequestInfo({
"version":
u"v1",
"subject":
x509_subject,
"subject_pk_info":
public_key.asn1,
"attributes": [{
"type":
u"extension_request",
"values": [[self._create_extension(x) for x in extensions]]
}]
})
